Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
26-05-2024 22:32
General
-
Target
081a7d566ac990d82a1ed60b834a22b0_NeikiAnalytics.exe
-
Size
212KB
-
MD5
081a7d566ac990d82a1ed60b834a22b0
-
SHA1
ca5ad62e37ae1193d821f861520542ffdbbdff11
-
SHA256
e62497ff6d4effe189801b4761939b082811183d69ce45196f025bf07b7a5c72
-
SHA512
8e2b9ae3f8ff155e6b6155419e7eec1f30a3216c435db666fead1c9d6562090e1f67d2de3f78f86a13ac421b18a7b44ee43544bf4f5cd66057a5c75f0122396e
-
SSDEEP
6144:Hcm4FmowdHoSrXZf8l/ubPzYNLPf4t+lZ:V4wFHoSBK/ubLcfv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\081a7d566ac990d82a1ed60b834a22b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\081a7d566ac990d82a1ed60b834a22b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhnnt.exec:\9hhnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrxlr.exec:\lrlrxlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnh.exec:\btnhnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbt.exec:\bthtbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpp.exec:\1vjpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlxr.exec:\rrxrlxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnhn.exec:\hhbnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrxfl.exec:\9lxrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnt.exec:\nhhhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlllfl.exec:\3rlllfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnhn.exec:\nhbnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\1vjpj.exec:\1vjpj.exe18⤵
- Executes dropped EXE
-
\??\c:\xlfrfrl.exec:\xlfrfrl.exe19⤵
- Executes dropped EXE
-
\??\c:\1nnnbn.exec:\1nnnbn.exe20⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe21⤵
- Executes dropped EXE
-
\??\c:\7fxflrx.exec:\7fxflrx.exe22⤵
- Executes dropped EXE
-
\??\c:\5bbbtn.exec:\5bbbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xfxlrfl.exec:\xfxlrfl.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe27⤵
- Executes dropped EXE
-
\??\c:\pvjvj.exec:\pvjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\1ffxfxf.exec:\1ffxfxf.exe31⤵
- Executes dropped EXE
-
\??\c:\ttthbn.exec:\ttthbn.exe32⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\rlffxfr.exec:\rlffxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\3rllrlr.exec:\3rllrlr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe36⤵
- Executes dropped EXE
-
\??\c:\7jvjd.exec:\7jvjd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxlffxf.exec:\fxlffxf.exe38⤵
- Executes dropped EXE
-
\??\c:\llfrlxl.exec:\llfrlxl.exe39⤵
- Executes dropped EXE
-
\??\c:\nnthbh.exec:\nnthbh.exe40⤵
- Executes dropped EXE
-
\??\c:\ttbbbh.exec:\ttbbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe42⤵
- Executes dropped EXE
-
\??\c:\rxllxlr.exec:\rxllxlr.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxlflx.exec:\ffxlflx.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnnbn.exec:\ttnnbn.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe46⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\3xlxrxl.exec:\3xlxrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\1fxrxfl.exec:\1fxrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxllxx.exec:\ffxllxx.exe53⤵
- Executes dropped EXE
-
\??\c:\fffrlrf.exec:\fffrlrf.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhhth.exec:\bbhhth.exe55⤵
- Executes dropped EXE
-
\??\c:\3pdjp.exec:\3pdjp.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxflrx.exec:\ffxflrx.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxllfx.exec:\xrxllfx.exe59⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\1xrxflf.exec:\1xrxflf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnttt.exec:\ttnttt.exe65⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe66⤵
-
\??\c:\lflrffr.exec:\lflrffr.exe67⤵
-
\??\c:\9xxrxrx.exec:\9xxrxrx.exe68⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe69⤵
-
\??\c:\vpppv.exec:\vpppv.exe70⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe71⤵
-
\??\c:\3rlrfff.exec:\3rlrfff.exe72⤵
-
\??\c:\7htnbt.exec:\7htnbt.exe73⤵
-
\??\c:\nbnbnt.exec:\nbnbnt.exe74⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe75⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe76⤵
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe77⤵
-
\??\c:\1lfxllr.exec:\1lfxllr.exe78⤵
-
\??\c:\9tnbtt.exec:\9tnbtt.exe79⤵
-
\??\c:\9bbnbh.exec:\9bbnbh.exe80⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe81⤵
-
\??\c:\1lrxfxf.exec:\1lrxfxf.exe82⤵
-
\??\c:\lxfflfr.exec:\lxfflfr.exe83⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe84⤵
-
\??\c:\hnhttb.exec:\hnhttb.exe85⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe86⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe87⤵
-
\??\c:\flrfllr.exec:\flrfllr.exe88⤵
-
\??\c:\5bnbhb.exec:\5bnbhb.exe89⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe90⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe91⤵
-
\??\c:\xrlfffr.exec:\xrlfffr.exe92⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe93⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe94⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe95⤵
-
\??\c:\9xffffr.exec:\9xffffr.exe96⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe97⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe98⤵
-
\??\c:\3thtbt.exec:\3thtbt.exe99⤵
-
\??\c:\jddpd.exec:\jddpd.exe100⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe101⤵
-
\??\c:\7rxxrlr.exec:\7rxxrlr.exe102⤵
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe103⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe104⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe105⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe106⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe107⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe108⤵
-
\??\c:\5bbntb.exec:\5bbntb.exe109⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe110⤵
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe111⤵
-
\??\c:\xlxrlrx.exec:\xlxrlrx.exe112⤵
-
\??\c:\5tbhbn.exec:\5tbhbn.exe113⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe114⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe115⤵
-
\??\c:\lfllxxf.exec:\lfllxxf.exe116⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe117⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe118⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe119⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe120⤵
-
\??\c:\xlrlrlf.exec:\xlrlrlf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-